diff options
| author | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2004-09-02 23:13:10 +0000 |
|---|---|---|
| committer | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2004-09-02 23:13:10 +0000 |
| commit | c9f76017636e3cd8976ed1064de75268c9d4fab1 (patch) | |
| tree | 70ea04a5934546b070f3e0c403629fe4da7aa444 /init | |
| parent | 0ff878f559f184f0e84b3d14024d85b6cfae6af4 (diff) | |
| download | busybox-w32-c9f76017636e3cd8976ed1064de75268c9d4fab1.tar.gz busybox-w32-c9f76017636e3cd8976ed1064de75268c9d4fab1.tar.bz2 busybox-w32-c9f76017636e3cd8976ed1064de75268c9d4fab1.zip | |
Jonas Holmberg from axis dot com writes:
This patch makes msh handle variable expansion within backticks more
correctly.
Current behaviour (wrong):
--------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
hello
$
New behaviour (correct):
------------------------
BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
$ A='`echo hello`'
$ echo $A
`echo hello`
$ echo `echo $A`
`echo hello`
$
The current behaviour (wrong according to standards) was actually my
fault. msh handles backticks by executing a subshell (which makes it
work on MMU-less systems). Executing a subshell makes it hard to only
expand variables once in the parent. Therefore I export all variables
that will be expanded within the backticks and let the subshell handle
the expansion instead.
The bug was found while searching for security leaks in CGI-scripts.
Current behaviour of msh makes it easy to expand backticks by mistake
in $QUERY_STRING. I recommend appling the patch before release of bb
1.00.
/Jonas
git-svn-id: svn://busybox.net/trunk/busybox@9199 69ca8d6d-28ef-0310-b511-8ec308f3f277
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions